Questions Flashcards

Question 1

Q

AWS service encryption enabled by default

Answer

A

CloudTrail Logs

Question 2

Q

AWS Region as minimum how many AZs

Question 3

Q

AZs have minimum how many Data Centres

Question 4

Q

Fault Tolerance is achieved by Scale Up or Scale Out

Answer

A

Scale Out

Question 5

Q

Three best practice areas for Reliability in the cloud

Answer

A

Foundations(AWS Config - monitors and records your AWS resource configurations),

Change Management(AWS CloudTrail, account activity),

Failure Management(CloudWatch - built for DevOps engineers, developers, site reliability engineers (SREs), and IT managers for monitoring applications and performance)

Question 6

Q

AWS Trusted Advisor

Answer

A

Provision your resources following AWS best practices

Cost optimization, security, fault tolerance, service limits, and performance improvement (CSSPF)

Question 7

Q

Amazon GuardDuty

Answer

A

Threat detection service that monitors malicious activity and unauthorized behavior

Question 8

Q

Amazon Inspector

Answer

A

Security Assessment - Assesses applications for exposure, vulnerabilities, and deviations from best practices

Question 9

Q

AWS CloudWatch

Answer

A

For devops engineers

Question 10

Q

AWS CloudTrail

Answer

A

For organization for governance,compliance and audit of AWS accounts

Question 11

Q

AWS Basic Support

Answer

A

Access to the core Trusted Advisor checks
AWS Health Dashboard

Question 12

Q

AWS Developer Support

Answer

A

Email-based technical support during business hours
Access to the core Trusted Advisor checks from Service Quota and basic Security checks

Question 13

Q

AWS Enterprise

Answer

A

Customers with concierge-like service
24x7 technical support from high-quality engineers
Designated Technical Account Manager

Question 14

Q

AWS Enterprise On-Ramp Support

Answer

A

Expert guidance to grow and optimize in the Cloud
Business Critical downtime < 30 mins

Question 15

Q

AWS Business Support

Answer

A

24x7 phone, email and chat access to technical support
Business Critical downtime < 15 mins

Question 16

Q

What provides protection at Amazon API Gateway, Amazon CloudFront or an Application Load Balancer

Question 17

Q

What provides protection at Network layer and Transport layers

Answer

A

AWS Sheild

Question 18

Q

Receive alerts when the reservation utilization falls

Answer

A

AWS Budgets

Question 19

Q

Allows marketers and developers to deliver customer-centric engagement experiences

Answer

A

Amazon Pinpoint

Question 20

Q

Active-active configuration across regions using Managed NoSQL DB

Answer

A

Amazon DynamoDB with global tables

Question 21

Q

AWS Partner Network (APN)

Answer

A

Global partner program for technology and consulting businesses

Question 22

Q

AWS Systems Manager

Answer

A

Gives you visibility and control of your infrastructure on AWS
Unified user interface so you can view operational data from multiple AWS services
Enables to running commands, managing patches, and configuring servers across AWS Cloud as well as on-premises

Question 23

Q

Estimate Cost

Answer

A

AWS Pricing Calculator

Question 24

Q

Comprehensive cost report while running AWS services

Answer

A

AWS Cost and Usage report

Question 25

Q

High level cost report while running AWS services with historical data

Answer

A

AWS Cost Explorer

Question 26

Q

Set alert for cost and usage(utilization) limits

Answer

A

AWS Budgets

Question 27

Q

Dedicated Host vs Instance

Answer

A

BYOL(Bring your own license, like server-bound software licenses) is supported in dedicated host only
Allows to consistently deploy your instance to the same physical server is supported in dedicated host only

Question 28

Q

AWS encryption SDK

Answer

A

Client-side encryption library that is separate from the language–specific SDKs

Question 29

Q

SSE-S3 vs SSE-KMS

Answer

A

SSE-S3 = Server-side encryption with Amazon S3-Managed Keys (free)
SSE-KMS = Server-side encryption with AWS KMS keys (additional charges and has audit trail)

Question 30

Q

Encryption is enabled by default for all the objects written to Amazon S3. True or False?

Question 31

Q

Geolocation vs Geoproximity routing policy

Answer

A

Route traffic base on user location vs location of your resources

Question 32

Q

Multivalue answer routing

Answer

A

Upto 8 healthy records

Question 33

Q

In most cases there is no charge for inbound data transfer or data transfer between other AWS services within the same region. True or False?

Question 34

Q

AWS Endpoint vs AWS PrivateLink

Answer

A

At consumer level vs at service provider level. Both work together to provide private connection to AWS services within AWS.

However AWS PrivateLink also provides private connection of AWS services to on-premises applications

Question 35

Q

AWS site to site VPN vs Direct Connect

Answer

A

Connect on premise to AWS services over public internet
Vs
Connect on premise to AWS services over private network

Question 36

Q

CAF - Business perspective what are the roles?

Answer

A

CEO, CFO, COO, CIO, and CTO
Cloud investments accelerate your digital transformation

Question 37

Q

CAF - People perspective what are the roles?

Answer

A

CIO, COO, CTO, cloud director, and cross-functional and enterprise-wide leaders
(cross-functional and enterprise-wide leaders)
Bridge between technology and business

Question 38

Q

CAF - Governance perspective what are the roles?

Answer

A

CIO, CTO, CFO, CDO, and CRO
(CDO and CRO)
Orchestrate your cloud initiatives while maximizing organizational benefits and minimizing transformation-related risks

Question 39

Q

CAF - Platform perspective what are the roles?

Answer

A

CTO, technology leaders, architects, and engineers
(architects, and engineers)
Build an enterprise-grade, scalable, hybrid cloud platform

Question 40

Q

CAF - Security perspective what are the roles?

Answer

A

CISO, CCO, internal audit leaders, and security architects and engineers
(CISO, CCO)
Achieve the confidentiality, integrity, and availability of your data and cloud workloads

Question 41

Q

CAF - Operations perspective what are the roles?

Answer

A

infrastructure and operations leaders, site reliability engineers, and information technology service managers
(site reliability engineers and IT service managers )
Ensure that your cloud services are delivered at a level that meets the needs of your business

Question 42

Q

Cloud Transformation
Journey

Answer

A

Envision(demonstrating) ->Align(gap analysis)->Launch(delivering pilot)->Scale(expanding pilots)
(EALS)

Question 43

Q

“No upfront payment option with the standard 1-year term”
“All upfront payment option with the standard 1-year term”
“No upfront payment option with the standard 3-years term”
“Partial upfront payment option with the standard 3-years term”

What is % saving in each?

Answer

A

36%
40%
56%
59%

Question 44

Q

AWS SQS and SNS

Answer

A

Used to decouple and scale microservices, distributed systems, and serverless applications

Question 45

Q

AWS Step Functions

Answer

A

Coordinate multiple AWS services into serverless workflows

Question 46

Q

AWS Glue

Answer

A

ETL service

Question 47

Q

VPC Endpoint - Types

Answer

A

Interface(IP based AWS S3 and Others) and Gateway(Route table based supported by AWS S3 and DynamoDB)

Question 48

Q

SG has both Allow and Deny rules. True or False?

Answer

A

False, only Allow

Question 49

Q

NAT ACL has both Allow and Deny rules. True or False?

Question 50

Q

NAT ACL works at?

Answer

A

Subnet level. Its stateless

Question 51

Q

Security Group works at?

Answer

A

Instance(VPC) level

Question 52

Q

NAT Gateway/Instances

Answer

A

Allow private subnet instaces to connect to internet or other AWS Services and restrict inbout internet traffic into subnet

Question 53

Q

Services that have reservations to optimize cost

Answer

A

EC2, DocumentDB, RDS, ElastiCache reserved nodes and RedShift

Question 54

Q

PaaS example

Question 55

Q

IaaS example

Question 56

Q

SaaS

Answer

A

AWS Rekognition

Question 57

Q

AWS EMR

Question 58

Q

AWS Elastic Bean Stock

Answer

A

Deploying and scaling web applications and services

Question 59

Q

High-performance hardware disks that provide fast I/O performance

Answer

A

Instance Store

Question 60

Q

Object storage service

Question 61

Q

High-performance block storage service

Answer

A

Elastic Block Storage

Question 62

Q

Elastic NFS file system

Question 63

Q

Amazon Standard S3 IA vs Intelligent Tiering

Answer

A

Similar except IT is more expensive

Question 64

Q

OS vulnerabilities

Answer

A

AWS Inspector

Answer 54

A

AWS Macie

Answer 55

A

AWS GuardDuty

Answer 56

A

AWS Shield

Answer 57

A

Enterprise

Answer 58

A

Enterprise on-Ramp up

Answer 59

A

Developer

Answer 60

A

For developers to create, publish, maintain, monitor, and secure APIs at any scale

Answer 61

A

EC2, ELB, CloudFront, Route53, Global Accelerator

Answer 62

A

interactive log analytics, real-time application monitoring, website search.
Derived from Elasticsearch

Answer 63

A

S3 does not support file append like EFS

Answer 64

A

EC2, ASGs, EBS and Lambda Functions

Answer 65

A

Build and run graph applications

Answer 66

A

Operational Excellence - Focuses on running and monitoring systems, and continually improving processes and procedures
- Ops as Code, Anticipate and Learn from failure, Use managed services

Performance Efficiency - Focuses on structured and streamlined allocation of IT and computing resources
-Go global in mins, use adv technologies, serverless

Reliability - Focuses on workloads performing their intended functions and how to recover quickly from failure to meet demands
-Stop guessing capacity, Recovery from failure, scale out, manage change through automation

Cost Optimization - Focuses on avoiding unnecessary costs

Security - Focuses on protecting information and systems

Sustainability - Focuses on minimizing the environmental impacts of running cloud workloads

Answer 67

A

AZs are isolated locations within a region will all AWS services
Local Zones are an extension of a region, providing low-latency services to specific geographic areas, enhancing availability beyond traditional regions. They provide more services than edge locations but less than a region or AZ

Answer 68

A

AWS Direct connect
Transit Gateway
Site-to-Site VPN

Answer 69

A

AWS private link allows connecting to AWS services or services in other VPCs privately like a local netowork bypassing the public Internet. If a VPC Endpoint is added to the your VPC then using private link the other VPCs can also use the services of your VPC. Common use cases are Accessing AWS Services, Third-Party Integrations, Multi-account Connectivity

VPC Peering enables connectivity between two VPCs within the same AWS region or across different regions. It allows instances in one VPC to communicate directly with instances in another VPC using private IP addresses. Common use cases Multi-tier Applications, shared services such as logging, monitoring, or security, Disaster Recovery

Answer 70

A

Developer Business Enterprise-on-ramp Enterprise
<12 hrs < 1hr <30 mins <15 mins

- TAMs 1 TAM

Business 24/7 24/7 24/7
hours email
access
- AWS Sup API AWS Sup API AWS Sup API
Incident detection for
additional fee

	                                   AWS Managed Srvs   AWS Managed Srvs 
                                               for additional fee	for additional fee

	                                   re:Post:Private            re:Post:Private 
                                               for additional fee        for additional fee
                                               
                                              Access to                       Access to architectural
                                              architectural                  reviews
                                               reviews

Answer 71

A

U2F security key - Plug into a USB port on your computer. Authenticated by tapping the device instead of manually entering a code
Virtual Multi-Factor Authentication (AWS MFA) device - Software app that runs on a phone or other device and emulates a physical device. Authenticated by typing a valid code from the device
Hardware Multi-Factor Authentication (AWS MFA) device - Hardware device that generates a six-digit numeric code. Authenticated by typing a valid code from the device
SMS text message-based Multi-Factor Authentication (AWS MFA) - IAM user settings include the phone number of the user’s SMS-compatible mobile device. Authenticated by OTP

Answer 72

A

Automated backups - Same region (Recovery Time Objective is lowest)
Manual snapshots - Cross region (Recovery Point Objective is lowest)
Read replicas - Cross region

Answer 73

A

Bootstrap script or configuration parameters while launching your instance
Metadata is data about your instance that you can use to manage the instance

Answer 74

A

Network Load Balances(non HTTP traffic), Application Load Balances and EC2

Answer 75

A

There are four cost components to consider for S3 pricing –
storage pricing;
request and data retrieval pricing;
data transfer and transfer acceleration pricing;
and data management features pricing.

Under “Data Transfer”, You pay for all bandwidth into and out of Amazon S3, except for the following:
(1) Data transferred in from the internet,
(2) Data transferred out to an Amazon Elastic Compute Cloud (Amazon EC2) instance, when the instance is in the same AWS Region as the S3 bucket,
(3) Data transferred out to Amazon CloudFront (CloudFront).

Answer 76

A

Application Load Balancer
Amazon CloudFront
Amazon API Gateway

Answer 77

A

CloudWatch

Answer 78

A

EC2,
Elastic Load Balances,
Amazon CloudFront,
Amazon Route 53,
AWS Global Accelerator

Answer 79

A

AWS Health Dashboard – Your account health

Answer 80

A

GeoLocation - Proximity to user’s location
GeoProximity - Proximity to resource’s location
Latency - Proximity to region

Answer 81

A

TCO Calculator: Estimates the total cost of moving resources from on-premises to Cloud, considering various factors like infrastructure, maintenance, and migration costs

Pricing Calculator: A tool for calculating the costs of running specific workloads on Azure or AWS, providing detailed estimates based on resource configurations

TCO Calculator: Focuses on the broader picture, encompassing overall expenses related to migration and ongoing operations.

Pricing Calculator: Provides granular insights into the costs associated with specific resources, facilitating budgeting and cost optimization

Answer 82

A

Access Policy
Archive
Vault

Answer 83

A

LisghtSail

Answer 84

A

ALB selects target based on the routing rule then selects node using round robin strategy
The classic ALB using round robin for TCP listners only

Answer 85

A

Bucket Policies control access to entire bucket and ACLs to individual object within the bucket

Answer 86

A

https.<bucket>.<S3>/<object></object></S3></bucket>

Answer 87

A

Programmatic access using command line
SDK access
Management concole access

Answer 88

A

Archive, Vault(Groups of archives) and Access Policies(to control access to objects within archive and vaults)

Answer 89

A

Users can access AWS services using their Facebook, Google, Instagram or Active Directory credentials

Federation with IAM Identity Center
Federation with IAM
Federation with Amazon Cognito identity pools

Answer 90

A

Can migrate to and from AWS and on-premise
Can migrate fro EC2 to RDS
Can migrate to Redshift and DynamoDB

Answer 91

A

It can happen across regions and between different AWS accounts
It also used to store data for fault tolerance, DR and redundnacy
Traffic between different regions is encrypted by default but not encrypted by defualt within same region

Answer 92

A

By Customer, By S3, By KMS
Monitoring capability is with KMS only after intergrating with CloudTrail

Answer 93

A

Recommendations on resource types based on operational best practices best practices and user inputs

Answer 94

A

Discover, classify and protect
1. It reads through user data and identify sensitive info using AI, ML and NLU
2. It can’t prevent the unauthroized access to the information but can alert the admin using CloudTraril
3. Its not a fully managed service but needs to be configured

Answer 95

A

Transfer from on-premise to AWS storage services
Between AWS storage services
Between public clouds to AWS storage services
Its for continuous synching vs DMS which is for Database migration only

Answer 96

A

EC2 - Customer
DynamoDB - AWS

Answer 97

A

Serverless query service

Interactive query service that makes it easy to analyze unstructured, semi-structured, and structured data stored in Amazon S3 directly in Amazon Simple Storage Service (Amazon S3) using standard SQL

Compatible with CSV, JSON, AVRO or columnar data formats such as Apache Parquet and Apache ORC,

Answer 98

A

Customer configures and AWS takes backups

Answer 99

A

Simplify application development with GraphQL APIs by providing a single endpoint to securely query or update data from multiple databases, microservices, and APIs

Consolidate data from multiple databases, APIs, and microservices in a single network call, from a single endpoint, abstracting backend complexity

Answer 100

A

Facilitate the development and deployment of web and mobile applications. Quickly build full-stack applications

Answer 101

A

AWS Security Hub provides you with a comprehensive view of your security state in AWS and helps you assess your AWS environment against security industry standards and best practices

Answer 102

A

Simplifies your administration and maintenance tasks across multiple accounts and resources for a variety of protections, including AWS WAF, AWS Shield Advanced, Amazon VPC security groups, AWS Network Firewall, and Amazon Route 53 Resolver DNS Firewall. It does not work with Network ACLs

Security Hub collects security data across AWS accounts, AWS services, and supported third-party products and helps you analyze your security trends and identify the highest priority security issues

Answer 103

A

Service control policies (SCPs) are a type of organization policy that you can use to manage permissions in your organization.

Not enabled by default

SCPs offer central control over the maximum available permissions for all accounts in your organization. SCPs help you to ensure your accounts stay within your organization’s access control guidelines

SCPs alone are not sufficient in granting permissions to the accounts in your organization. No permissions are granted by an SCP. An SCP defines a guardrail, or sets limits, on the actions that the account’s administrator can delegate to the IAM users and roles in the affected accounts.
The administrator must still attach identity-based or resource-based policies to IAM users or roles, or to the resources in your accounts to actually grant permissions.
The effective permissions are the logical intersection between what is allowed by the SCP and what is allowed by the IAM and resource-based policies

Answer 104

A

AWS Cost Explorer

Answer 105

A

CloudFront

Answer 106

A

S3 Glacier Deep Archive

Answer 107

A

Data centers that deliver data fast to the users

Answer 108

A

Governance Perspective

Answer 109

A

Amazon Lex

Answer 110

A

Incremental data backup

Answer 111

A

Quotas, also referred to as limits in AWS services, are the maximum values for the resources, actions, and items in your AWS account

Answer 112

A

A VPC can span all Availability Zones within an AWS Region

Answer 113

A

Facilitates resource search and discovery within AWS accounts

Answer 114

A

Available through AWS re:Post, offers official articles and videos addressing common questions and requests from AWS customers

Answer 115

A

Browser-based shell provided by Amazon Web Services (AWS) that allows users to run scripts with the AWS Command Line Interface (CLI) and experiment with service APIs

Answer 116

A

Destination (IP address CIDR range) = The destination IPs to which the instances in the VPC is sending traffic to. It value is 0.0.0.0/0 for IPv4 and ::/0 for IPv6

Target (local or gateway ID or network instance) = The gateway/NAT through which the traffic should pass for the list of IPs

Answer 117

A

You can use it to directly connect to your tape drive on premise and using AWS Storage Gateway backup the data on Amazon S3 Tape Library w/o any code changes

Answer 118

A

SSH (IP is public and key stored on accessing machine)
EC2 in private subnet, which talks to bastion host on public subnet which inturn talks to user over internet (key stored on accessing machine)
Add MFA on access
SSM (No need of bastion host. EC2 in private subnet with access to internet using NAT or VPC endpoint)

Answer 119

A

Rehosting — Otherwise known as “lift-and-shift”
Replatforming — I sometimes call this “lift-tinker-and-shift”
Repurchasing — Moving to a different product
Refactoring / Re-architecting
Retire — Get rid of
Retain — Usually this means “revisit” or do nothing (for now)

Answer 120

A

Fully managed service introduced by AWS that facilitates secure, one-click access to internal corporate websites for employees

Secure access from iOS and Android phones to internal websites and web apps, simplifying the user experience with a single-step process

Generates webpage content in the AWS cloud and transfers it to the user’s phone

Answer 121

A

Create and manage catalogs of IT services and Self-service discovery and launch

Users browse listings of products (services or applications) that they have access to, locate the product that they want to use, and launch it all on their own as a provisioned product

Deployment of multi-tier application architectures

Answer 122

A

AWS CloudShell is a browser-based shell that allows users to run scripts with the AWS Command Line Interface (CLI) and experiment with service APIs

Answer 123

A

Visual designer that you can use to build your serverless applications from multiple AWS services

Answer 124

A

Time Stream DB for IoT

Answer 125

A

Prevent the deletion or overwriting of objects in Amazon S3 for a specified duration or indefinitely

Brainscape's Knowledge GenomeTM

Questions Flashcards

Brainscape's Knowledge Genome^TM